This week, at Linaro Connect in Hong Kong, we announced an open source Trusted Firmware (TF-M) project, that will deliver a reference implementation of Platform Security Architecture (PSA) trusted code for Armv8-M based microcontrollers. The project is hosted on the Trusted Firmware website and is looking for members to form a fully open governance project. Making TF-M available as open source is an important step in enabling an ecosystem with a high-quality reference implementation. The project will grow over time as we build the basic APIs and firmware framework features to help secure future IoT platforms.
Platform Security Architecture was announced at Arm TechCon last year with industry-wide support to secure low cost IoT devices. It is a holistic set of free deliverables from Arm that aims to make security easier and quicker for the IoT value chain. PSA includes a set of reference architecture documents, hardware requirements specifications, open source code, APIs and threat models. Many useful PSA-related documents such as threat models are already public, others are currently available with an NDA but will be made public as they reach sufficient maturity.
Trusted Firmware M (TF-M) is the name of the new open source project that will provide a reference implementation of PSA trusted code, created for the latest Armv8-M microcontrollers with Arm TrustZone technology. TF-M will provide foundational firmware components as a reference implementation that our silicon partners and OEMs can build on (including trusted boot, secure device initialisation and secure function invocation).
Arm Mbed OS targets the entire Arm Cortex-M family, incorporating transport, lifecycle and device security features utilising the hardware available. Transport security is based on Mbed TLS, lifecycle security such as firmware update is based on Mbed Cloud, and for Armv8-M based targets, Mbed OS will use TF-M to provide PSA-compliant device security.
TF-M is in a growth phase this year. We want to deliver a basic set of APIs (for crypto, attestation and secure storage, audit logging etc.) that can be relied on by the developer ecosystem in a PSA system. In TF-M, these will be implemented as Trusted Functions and should be useful in providing trusted building blocks for the industry, that can be extended where necessary. To provide isolation for the trusted functions and a method of controlling them we will be building a reference Secure Partition Manager and supporting secure IPC calls. Multiple build configurations will be supported allowing code to work with resource-constrained devices as well as devices with more security hardware capabilities (such as crypto accelerators and security subsystems).
Linaro is forming a new division to host open governance open source projects. TF-M will be hosted on the Trusted Firmware website and be operated independently from the main Linaro organisation: it will have its own board, committees and funding. Project membership will be open equally to Linaro members and non-members, plus board members who invest in the project will be able to steer the strategy and project plan.
Over time we anticipate that our silicon partners may want to provide SoC support and provide contributions to the project. Additionally, partners providing software integrations, additional secure services or secure OSes may also want to contribute. There may be community interest in having PSA reference trusted code for different hardware configurations, such as dual Armv7-M or coupling a microcontroller with an integrated or external Secure Element. We hope that these solutions grow to fit market needs over time.
Trusted Firmware isn’t a new concept, Arm already has an existing successful open source project for trusted software on Armv8-A based applications processors. It provides the foundations for a Trusted Execution Environment and most Arm partners who have a modern Cortex-A processor use parts of it in their designs. Functionality includes a reference implementation of Trusted Boot and a small runtime that acts as a secure monitor, interrupt handler and power management interface (PSCI). Trusted Firmware-A (TF-A) has been running for several years and keeps up to date with the latest Arm IP. Due to the growing industry importance of this software we are pleased to announce that TF-A will also be migrating from GitHub to the Trusted firmware website later this year.
Please visit the public GIT containing the master codebase at Trusted Firmware Git Hosting and choose either a simulation model (some are free) or an Arm development board to run it on*. There is a public Gerrit review server for patch submissions and a phabricator ticket server to raise issues, log bugs or make change requests.
If IoT security on resource constrained systems is important to your company, please get involved with TF-M. We welcome users to download the code, contributors to grow the project and organisations that want to get more deeply involved to join as board members. We are starting the next stage of the journey in Trusted Firmware and hope you can join us.
Get the software today
*You can get started with the code today and run it on a variety of simulation models (IoT Kit FVP or AEMv8-M). Alternatively, if you want to use hardware development boards, you can request our new development platform Arm Musca here. Alternatively, you can use Arm MPS2+ and Arm MPS3 using the Arm CoreLink SSE-200 subsystem FPGA images.
If you're working with a Musca board, there's a set of related links and resources in this area of Arm's Community pages: https://community.arm.com/dev-platforms/w/docs/284/musca-a1-development-board